MySQL Bugs: #108295: mysql80-community-release-el7-6.noarch.rpm has GPG keys in the wrong directory

Bug #108295	mysql80-community-release-el7-6.noarch.rpm has GPG keys in the wrong directory
Submitted:	26 Aug 2022 11:43	Modified:	29 Aug 2022 4:34
Reporter:	Paul Whitaker	Email Updates:
Status:	Closed	Impact on me:	None
Category:	MySQL Server: Packaging	Severity:	S3 (Non-critical)
Version:	8.0	OS:	CentOS
Assigned to:	Balasubramanian Kandasamy	CPU Architecture:	Any

Description:
The current release package for EL7 (mysql80-community-release-el7-6.noarch.rpm) has the GPG directly in the /etc directory instead of /etc/pki/rpm-gpg.

That prevents you from installing anything from the repository without moving the keys into the correct location

How to repeat:
Comparing the current release package to the previous one - note the paths of the two GPG keys in the packages are different:

# wget https://dev.mysql.com/get/mysql80-community-release-el7-5.noarch.rpm https://dev.mysql.com/get/mysql80-community-release-el7-6.noarch.rpm

# rpm -qlp mysql80-community-release-el7-5.noarch.rpm 
warning: mysql80-community-release-el7-5.noarch.rpm: Header V4 RSA/SHA256 Signature, key ID 3a79bd29: NOKEY
/etc/pki/rpm-gpg/RPM-GPG-KEY-mysql
/etc/pki/rpm-gpg/RPM-GPG-KEY-mysql-2022
/etc/yum.repos.d/mysql-community-source.repo
/etc/yum.repos.d/mysql-community.repo

# rpm -qlp mysql80-community-release-el7-6.noarch.rpm 
warning: mysql80-community-release-el7-6.noarch.rpm: Header V4 RSA/SHA256 Signature, key ID 3a79bd29: NOKEY
/etc/RPM-GPG-KEY-mysql
/etc/RPM-GPG-KEY-mysql-2022
/etc/yum.repos.d/mysql-community-debuginfo.repo
/etc/yum.repos.d/mysql-community-source.repo
/etc/yum.repos.d/mysql-community.repo

Installing the current release package & then trying to install a mysql package from it fails due to the GPG keys not being in the correct place:
# yum install mysql80-community-release-el7-6.noarch.rpm 
# yum install mysql-community-libs
Loaded plugins: fastestmirror, ovl
Loading mirror speeds from cached hostfile
 * base: mirror.cov.ukservers.com
 * extras: mirror.as29550.net
 * updates: mirror.as29550.net
mysql-connectors-community                                                                                   | 2.6 kB  00:00:00     
mysql-tools-community                                                                                        | 2.6 kB  00:00:00     
mysql80-community                                                                                            | 2.6 kB  00:00:00     
(1/3): mysql-connectors-community/x86_64/primary_db                                                          |  90 kB  00:00:00     
(2/3): mysql-tools-community/x86_64/primary_db                                                               |  87 kB  00:00:00     
(3/3): mysql80-community/x86_64/primary_db                                                                   | 211 kB  00:00:00     
Resolving Dependencies
--> Running transaction check
---> Package mysql-community-libs.x86_64 0:8.0.30-1.el7 will be installed
--> Processing Dependency: mysql-community-client-plugins = 8.0.30-1.el7 for package: mysql-community-libs-8.0.30-1.el7.x86_64
--> Processing Dependency: mysql-community-common(x86-64) >= 8.0.11 for package: mysql-community-libs-8.0.30-1.el7.x86_64
--> Running transaction check
---> Package mysql-community-client-plugins.x86_64 0:8.0.30-1.el7 will be installed
---> Package mysql-community-common.x86_64 0:8.0.30-1.el7 will be installed
--> Finished Dependency Resolution

Dependencies Resolved

====================================================================================================================================
 Package                                      Arch                 Version                    Repository                       Size
====================================================================================================================================
Installing:
 mysql-community-libs                         x86_64               8.0.30-1.el7               mysql80-community               1.5 M
Installing for dependencies:
 mysql-community-client-plugins               x86_64               8.0.30-1.el7               mysql80-community               2.5 M
 mysql-community-common                       x86_64               8.0.30-1.el7               mysql80-community               645 k

Transaction Summary
====================================================================================================================================
Install  1 Package (+2 Dependent packages)

Total download size: 4.6 M
Installed size: 31 M
Is this ok [y/d/N]: y
Downloading packages:
warning: /var/cache/yum/x86_64/7/mysql80-community/packages/mysql-community-common-8.0.30-1.el7.x86_64.rpm: Header V4 RSA/SHA256 Signature, key ID 3a79bd29: NOKEY
Public key for mysql-community-common-8.0.30-1.el7.x86_64.rpm is not installed
(1/3): mysql-community-common-8.0.30-1.el7.x86_64.rpm                                                        | 645 kB  00:00:00     
(2/3): mysql-community-client-plugins-8.0.30-1.el7.x86_64.rpm                                                | 2.5 MB  00:00:00     
(3/3): mysql-community-libs-8.0.30-1.el7.x86_64.rpm                                                          | 1.5 MB  00:00:00     
------------------------------------------------------------------------------------------------------------------------------------
Total                                                                                                15 MB/s | 4.6 MB  00:00:00     
Retrieving key from file:///etc/pki/rpm-gpg/RPM-GPG-KEY-mysql-2022

GPG key retrieval failed: [Errno 14] curl#37 - "Couldn't open file /etc/pki/rpm-gpg/RPM-GPG-KEY-mysql-2022"

Suggested fix:
Move the GPG keys back to /etc/pki/rpm-gpg

Hi Mr. Whitaker,

Thank you for your bug report.

We have checked and concluded that you are correct.

Verified as reported.

Thanks for the bug report. 

We have fixed the GPG key location in the el7 setup RPM (mysql80-community-release-el7-7.noarch.rpm).

Thank you, Balasubramanian Kandasamy, for the quick fix.